CakePHP: the rapid development php framework: CakeBot

Log message #4171980

#	At	Username	Text
#	Jan 1st 2019, 03:52	Ayam	hello
#	Jan 1st 2019, 03:20	challgren	and do the checks there if you wanted
#	Jan 1st 2019, 03:20	challgren	You could write a method on the Table to process your delete
#	Jan 1st 2019, 03:20	challgren	The entity wont get the request data so it wont be able to do any validation
#	Jan 1st 2019, 03:19	cgtag	okay
#	Jan 1st 2019, 03:19	challgren	That and many other things, If you need to control deletion run your checks in the controller
#	Jan 1st 2019, 03:19	cgtag	Because of associated data?
#	Jan 1st 2019, 03:18	challgren	Nope
#	Jan 1st 2019, 03:18	cgtag	Seems like a business rule constraint in the domain of the model. If you make it a rule it stops all attack vectors. Wouldn't it?
#	Jan 1st 2019, 03:17	challgren	The validation is for data being created/patched you would need to define your own access control in the controller
#	Jan 1st 2019, 03:16	cgtag	I want to check user ownership of records. Make sure the user_id is for the current user.
#	Jan 1st 2019, 03:16	challgren	Why would you need validation rules when deleting?
#	Jan 1st 2019, 03:14	cgtag	When creating a custom rule. The docs say that "$rules->add(..)" only adds rules for create and update options. Does this mean that the rule is excluded from delete operations? If so, does anyone know why it's excluded?
#	Jan 1st 2019, 03:13	cgtag	I have a question about the documentation here: https://book.cakephp.org/3.0/en/orm/validation.html#creating-a-rules-checker
#	Jan 1st 2019, 03:13	cgtag	Happy New Year!
#	Jan 1st 2019, 02:23	wp4nuv	Happy New Year!!
#	Jan 1st 2019, 00:23	wp4nuv	Hello folks! On Cake2, has anyone had issues with queries that do not return all requested fields?
#	Dec 31st 2018, 23:33	murat	Just to differentiate between an error and authorization problem when I process the ajax response.
#	Dec 31st 2018, 23:32	murat	Anything other than 500 is fine.
#	Dec 31st 2018, 23:32	challgren	But on that I’m not 100% I could see you wanting 401
#	Dec 31st 2018, 23:29	murat	Thanks a lot.
#	Dec 31st 2018, 23:28	murat	Yeah, that makes sense actually.
#	Dec 31st 2018, 23:28	challgren	403 would be what you want honestly
#	Dec 31st 2018, 23:28	murat	Is there a way to change the response for unauthorized AJAX requests to a particular HTTP code?
#	Dec 31st 2018, 23:26	challgren	Sweet!
#	Dec 31st 2018, 23:26	murat	Ok, now it gives `ForbiddenException` which is good.
#	Dec 31st 2018, 23:23	challgren	Try putting it in initialize function
#	Dec 31st 2018, 23:23	murat	@challgren I just realized, when an AJAX request is unauthorized, `$this->Auth` returns false and causes `beforeFilter()` to show an error about the failed call to `config()`.
#	Dec 31st 2018, 23:16	challgren	I’ll be doing a big PR to fix em all. I’m tired of my logs getting filled from CommonComponent
#	Dec 31st 2018, 23:12	challgren	Man @dereuromark the Tools plugin needs a lot of help with the tests! 100+ errors when turning on DEPREACTED warnings
#	Dec 31st 2018, 22:54	murat	Thanks a lot :grinning:
#	Dec 31st 2018, 22:43	challgren	sweet!! Glad it helped yah!
#	Dec 31st 2018, 22:24	murat	This seems to work. ``` public function beforeFilter(Event $event) { if ($this->request->is('ajax')) { $this->Auth->config('unauthorizedRedirect', false); } } ```
#	Dec 31st 2018, 22:13	murat	I'm still working on it. I needed to take a quick break.
#	Dec 31st 2018, 22:07	challgren	That work @murat ?
#	Dec 31st 2018, 21:43	challgren	might need a $this->Auth->config(‘loginAction’, false); somewhere in there too but again depends on your config
#	Dec 31st 2018, 21:42	murat	That's interesting; let me give it a try.
#	Dec 31st 2018, 21:41	murat	Oh ok, I was confused because I keep thinking about `isAuthorized` or the action methods.
#	Dec 31st 2018, 21:40	challgren	or initialize()
#	Dec 31st 2018, 21:40	challgren	Depends on your config but beforeFilter of the AppController
#	Dec 31st 2018, 21:40	murat	I'm not sure where I'm supposed to put that.